Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 73f3d9a7a129270831af2ebff7053f7e503c51a2 / . / include / linux / netfilter.h
blob: 54771312ff0743ab6f34f16231a18ad112ad01aa [file] [log] [blame]
Patrick McHardyf2565b72008-01-29 14:34:27 +0000[diff] [blame]1#ifndef __LINUX_NETFILTER_H
2#define __LINUX_NETFILTER_H
3
Jan Engelhardt350661a2010-01-31 22:42:52 +0100[diff] [blame]4#include <linux/types.h>
5
Jan Engelhardtdbe77cc2011-08-28 14:19:43 +0200[diff] [blame]6#include <linux/sysctl.h>
Jan Engelhardtca7cd662008-02-11 01:23:01 +0100[diff] [blame]7
Patrick McHardyf2565b72008-01-29 14:34:27 +0000[diff] [blame]8/* Responses from hook functions. */
9#define NF_DROP 0
10#define NF_ACCEPT 1
11#define NF_STOLEN 2
12#define NF_QUEUE 3
13#define NF_REPEAT 4
14#define NF_STOP 5
15#define NF_MAX_VERDICT NF_STOP
16
17/* we overload the higher bits for encoding auxiliary data such as the queue
Jan Engelhardtdbe77cc2011-08-28 14:19:43 +0200[diff] [blame]18 * number or errno values. Not nice, but better than additional function
19 * arguments. */
20#define NF_VERDICT_MASK 0x000000ff
Patrick McHardyf2565b72008-01-29 14:34:27 +0000[diff] [blame]21
Jan Engelhardtdbe77cc2011-08-28 14:19:43 +0200[diff] [blame]22/* extra verdict flags have mask 0x0000ff00 */
23#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000
24
25/* queue number (NF_QUEUE) or errno (NF_DROP) */
Patrick McHardyf2565b72008-01-29 14:34:27 +0000[diff] [blame]26#define NF_VERDICT_QMASK 0xffff0000
27#define NF_VERDICT_QBITS 16
28
Jan Engelhardtdbe77cc2011-08-28 14:19:43 +0200[diff] [blame]29#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)
30
31#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)
Patrick McHardyf2565b72008-01-29 14:34:27 +0000[diff] [blame]32
33/* only for userspace compatibility */
34/* Generic cache responses from hook functions.
35 <= 0x2000 is used for protocol-flags. */
36#define NFC_UNKNOWN 0x4000
37#define NFC_ALTERED 0x8000
38
Jan Engelhardtdbe77cc2011-08-28 14:19:43 +0200[diff] [blame]39/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
40#define NF_VERDICT_BITS 16
41
Patrick McHardyf2565b72008-01-29 14:34:27 +0000[diff] [blame]42enum nf_inet_hooks {
43 NF_INET_PRE_ROUTING,
44 NF_INET_LOCAL_IN,
45 NF_INET_FORWARD,
46 NF_INET_LOCAL_OUT,
47 NF_INET_POST_ROUTING,
48 NF_INET_NUMHOOKS
49};
50
Jan Engelhardt03d99482008-11-18 12:27:54 +0100[diff] [blame]51enum {
52 NFPROTO_UNSPEC = 0,
53 NFPROTO_IPV4 = 2,
54 NFPROTO_ARP = 3,
55 NFPROTO_BRIDGE = 7,
56 NFPROTO_IPV6 = 10,
57 NFPROTO_DECNET = 12,
58 NFPROTO_NUMPROTO,
59};
60
Patrick McHardyf2565b72008-01-29 14:34:27 +0000[diff] [blame]61union nf_inet_addr {
Jan Engelhardtca7cd662008-02-11 01:23:01 +0100[diff] [blame]62 __u32 all[4];
Patrick McHardye0bba472008-06-05 16:18:41 +0200[diff] [blame]63 __be32 ip;
64 __be32 ip6[4];
Patrick McHardyf2565b72008-01-29 14:34:27 +0000[diff] [blame]65 struct in_addr in;
66 struct in6_addr in6;
67};
68
69#endif /*__LINUX_NETFILTER_H*/